Nice video! Can i generate packets via snort so i can create an TCP/UDP/SYN/ACK/.. stream to test my switch configurations and bottlenecks ? Creating lots of bandwidth not just a ping repeat. That would be great! Do you prefer Windows or Linux for this program. Anyone ?

I have a problem...with registry key:

What is that, please explain

@diyothelilundergo You need to install winpcap

guys just build up a standalone router based on pfSense and use the SNORT package there.

Not bad, but you need to do a better job of explaining WHY you are doing some things. For instance you are changing many parts of the config, but you dont explain what they do or how you know to change them. (Truthfully, you would think the windows binaries would replace the unix paths in the config....)

Thank you for the tutorial, youhakim .

It was quick and efficient.

Any plans on showing this on Win7 64 bit? I suppose the changes in the snort.conf file are the same.?

Youhakim, I downloaded snort-2.9.0.5 along with the 2.9.0.5 rules. snort.conf file looks a little different than your version but when I make the changes you recommended, I get fatal errors in the normalization area-line 231. Any help/advice/recommendations would be appreciated. BTW, I did run snort sucessfully just running snort -i 2

Great Video!

youhakim, could you also do one for installation of Snort on a Vista machine?

Thanks for your help!

Excellent. I hope you can post an updated one as well!

Regards from the Emirates.

very good !!

I am having major issues installing this. I go to the snort website to download the excutable and this weird sceen comes up and there isnt a file to save to the desktop. Any suggestion anyone.

@dadundada If you can't even download it, you're going to have some serious problems trying to install it from a 2-year-old tutorial.

youhakim is the shit!

This gentleman always puts out great stuff.

thank you for this tutorial!

Thank you for the video.

Is there a way to be alerted via email if one of the rules are being compromised ?

Thank You my friend for the tutorial

Well that's indeed a good video, you have explained pretty good the use of snort on windows. where can i +rep you :P

thank you so much bro

Good for anyone installing SNORT for the first time. Answers some basic questions. thanks.

Shukran ya Hamin, very well done, well organized, and with examples and in a short time. This is by far one of the best tutorials. Thumbs Up

thank u soooooo much for this video...

awesome video. awesome voice

does anybody know, why I get this error. I did all, how it's said in the video.

ERROR: c:\Snort\etc\snort.conf(214) Missing/incorrect dznamic engine lib specifier

@luisa9911

on the line with "dynamicpreprocessor directory C:\Snort\lib\snort_dynamicprep­rocessor\", remove the "\" at the end.

Thus, that line becomes "dynamicpreprocessor directory C:\Snort\lib\snort_dynamicprep­rocessor". That fixed the problem for me.

thnx brother can you tel me where do i get lan rules

Hey, thanks a ton for this video. I've had a headache trying to get Snort to work. Have to set it up on a win 2k3 box for a security class at school.

its at 2:00

these instructions work for the newer version too...just skip the step where he drags the snort.conf file from the rule set to the snort folder. somehow that file messes up snort when you try to go to ids mode

its an older version he has..

the new download has these modules already inserted..

i think all that needs to be done is changing the drives letter.

so am i going to have to do the snort command everytime i wanna start the sniffer/IDS. I know I wont have to drag items or change the config file. but any ccommand enter in "cmd" will I have to use when i start the computer.

also is the sniffer data saved anywhere on the computer??

you need to >> into a text file..

in to the log file.

omg god what a *&^*^% voice

wow. Impressive! Very professional. You rock!

ماشاء الله عليك ياحكيم

you the best

JAK Hakim almaghribi? :)

May ALLAH bless you,

Amine--

do i need to install barnyard to get the log file as shoed in the vid?

Shukriya Hakim,

Mashallah behad umda kaam kiya hai.

This video is very helpfull. I just hope there's a version (for newbies like me) that automatically configures itself upon install.

This is outstanding.

Hi, at 3:45 how do you know the address of pc and the mask?. thank you in advance

Hi Hakim,

Your video is so helpfull to very easy to understand how to configure a snort IDS and how to detect intrusions!

Please make other videos to understand deeply this tool.

Thank you so much and may Allah bless you! Amen!

well in this, you didnt install winpcap, it asks me to install. where i lack...

Snort relys on winpcap to capture the traffic from the wires and you must install it before installing the IDS.

Go to the winpcap site to get the last version of the setup program, it is very easy to install.

thanks a lot, best wishes

You are a genius!!!

this is hot. thanks bro

I liked your snort tutorial. thanks